CVE-2026-4650 - FundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX Handler
CVE ID :CVE-2026-4650 Published : May 2, 2026, 7:46 a.m. | 20 minutes ago Description :The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donate_
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] İranlı Gruptan Ubuntu’ya Saldırı
- [CYBER] INSA Inks Proclamation to Bolster Cybersecurity Defenses
- [CYBER] From Hardship to Hazard: Tackling Ethiopia’s Migration Pressures
- [CYBER] CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments | Microsoft Security Blog
- [CYBER] CVE-2026-41940 cPanel Exploitation From a Honeypot Perspective
- [CYBER] New Deep#Door RAT uses stealth and persistence to target Windows